71720d5c1bcb62318579c0a9f0ef6589[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

71720d5c1bcb62318579c0a9f0ef6589.bin
Size

2.3MB
MD5

f46c1b7d43930ac9bd111ebfc440609d
SHA1

c1327f542b573066f4e5a394ddc4c17d2ebd1bf6
SHA256

5c7aeff1346640a437adf232f85afa54445e9bd2218d5649deeaa9e1a56309cc
SHA512

f5c14e226f13ee0779fc135396441f47b11e2f19f07ff5e897013e6d6a1a030a21f22f80247cf71473bb790ffef9cf985b94a431ef02add430e9fc9381a1b437
SSDEEP

49152:9mZ37bs7Vsd8kNy2l/jaGyb+unxU2Sxq3G9ddCbKc+FyMirDucEnsTSfCrqnN:9mcsd8kNyIjH0KBYqddnFO3bEn2yCrSN

Score

1^/10

Malware Config

Signatures

Files

71720d5c1bcb62318579c0a9f0ef6589.bin
.zip

Password: infected
5b13cdbf2361563609f7fee3fc9fffc03cfcc22c504ed7c963ff8caa7def93b8.bin
.exe windows x64

Password: infected

4128cb0cd358f3e3d9953a21922a6504

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6e
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5a:48:9e:1f:0f:59:f1:da:22:e3:c1:1b:90:b7:ab:99
Certificate

Issuer

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Not Before

16/05/2022, 00:00

Not After

15/05/2025, 23:59

Subject

SERIALNUMBER=27343208,CN=Act-3D B.V.,O=Act-3D B.V.,ST=Zuid-Holland,C=NL,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13024e4c

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29/03/2022, 00:00

Not After

14/03/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

fe:cf:4c:30:33:1b:ae:b7:22:76:77:b0:52:28:8c:12:67:b4:63:f8
Signer

Actual PE Digest

fe:cf:4c:30:33:1b:ae:b7:22:76:77:b0:52:28:8c:12:67:b4:63:f8

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

winmm

timeGetTime

kernel32

FormatMessageA
SetConsoleTextAttribute
GetStdHandle
SizeofResource
GetThreadLocale
GetLocaleInfoEx
GetTempPathW
LCIDToLocaleName
FormatMessageW
LockResource
FindResourceExW
LoadResource
FindResourceW
CreateProcessW
GetModuleHandleW
GetVolumeInformationA
GetVolumeNameForVolumeMountPointA
ReadFile
OutputDebugStringA
SetFilePointer
GetFileAttributesW
GetSystemDirectoryW
Sleep
DeleteFileA
DeleteFileW
GetFileSize
CreateDirectoryW
OutputDebugStringW
GetModuleFileNameA
FindFirstFileW
GetFileSizeEx
FindNextFileW
FindClose
RemoveDirectoryA
CreateEventW
ResetEvent
ReadDirectoryChangesW
SetLastError
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
LocalFree
CreateFileW
WriteFile
AllocConsole
SetConsoleTitleA
TerminateThread
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
FreeLibrary
GetProcAddress
LoadLibraryA
GlobalUnlock
WideCharToMultiByte
GlobalLock
GlobalFree
GlobalAlloc
MultiByteToWideChar
GetWindowsDirectoryW
CloseHandle
FreeEnvironmentStringsW
DuplicateHandle
ResumeThread
SuspendThread
WaitForSingleObject
GetModuleFileNameW
GetCurrentProcess
GetTickCount
SetFileApisToOEM
GetProcessHeap
DeleteCriticalSection
HeapDestroy
DecodePointer
HeapAlloc
RaiseException
HeapReAlloc
GetLastError
HeapSize
InitializeCriticalSectionEx
GetCommandLineW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
SetStdHandle
GetTimeZoneInformation
GetConsoleCP
FlushFileBuffers
ReadConsoleW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetExitCodeProcess
ExitProcess
SetEnvironmentVariableW
ExitThread
WriteConsoleW
GetModuleHandleExW
GetFileType
RtlUnwindEx
WaitForMultipleObjectsEx
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
SetProcessAffinityMask
VirtualProtect
GetVersionExW
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
HeapFree
RtlCaptureStackBackTrace
CompareFileTime
SetEndOfFile
SetThreadExecutionState
QueryPerformanceFrequency
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
VerSetConditionMask
FindCloseChangeNotification
FindFirstChangeNotificationW
GetFileInformationByHandle
GetLogicalDriveStringsW
GetModuleHandleA
SetConsoleCtrlHandler
FileTimeToLocalFileTime
FileTimeToSystemTime
GetConsoleMode
SetConsoleMode
SetEvent
ReleaseSemaphore
CreateSemaphoreW
SetThreadAffinityMask
VirtualAlloc
VirtualFree
LoadLibraryExW
LoadLibraryW
GetSystemTimeAsFileTime
FileTimeToDosDateTime
DosDateTimeToFileTime
RtlUnwind
SetFileTime
DeviceIoControl
GetCurrentDirectoryW
SetCurrentDirectoryW
RemoveDirectoryW
SetFileAttributesW
MoveFileW
GetDiskFreeSpaceW
GetDriveTypeW
GetVolumeInformationW
GlobalMemoryStatusEx
GetSystemInfo
GetProcessAffinityMask
IsProcessorFeaturePresent
RtlPcToFileHeader
EncodePointer
TryEnterCriticalSection
WaitForSingleObjectEx
SwitchToThread
GetCurrentThread
GetExitCodeThread
GetNativeSystemInfo
GetStringTypeW
FindFirstFileExW
GetDiskFreeSpaceExW
GetFileAttributesExW
GetFullPathNameW
AreFileApisANSI
CreateDirectoryExW
CopyFileW
MoveFileExW
CreateHardLinkW
SetFilePointerEx
GetCPInfo
InitializeCriticalSectionAndSpinCount
CompareStringW
LCMapStringW
GetLocaleInfoW
IsDebuggerPresent
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
GetStartupInfoW
InitializeSListHead
CreateTimerQueue
SignalObjectAndWait
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation

user32

CloseClipboard
OpenClipboard
GetDesktopWindow
EmptyClipboard
GetClipboardData
SetClipboardData
GetActiveWindow
GetWindowTextLengthW
IsWindow
EnumWindows
GetWindowTextW
UnregisterClassW
GetCursorPos
GetWindowRect
TrackMouseEvent
TranslateMessage
DispatchMessageW
PeekMessageW
GetMessageTime
PostMessageW
WaitMessage
DefWindowProcW
RegisterClassExW
CreateWindowExW
DestroyWindow
ShowWindow
GetLayeredWindowAttributes
SetLayeredWindowAttributes
FlashWindow
MoveWindow
SetWindowPos
GetWindowPlacement
SetWindowPlacement
IsWindowVisible
IsIconic
BringWindowToTop
IsZoomed
SetFocus
GetKeyState
MapVirtualKeyW
SetCapture
ReleaseCapture
MsgWaitForMultipleObjects
GetSystemMetrics
SetForegroundWindow
GetDC
ReleaseDC
RedrawWindow
SetPropW
GetPropW
RemovePropW
SetWindowTextW
GetClientRect
AdjustWindowRectEx
SetCursorPos
SetCursor
ClientToScreen
ScreenToClient
WindowFromPoint
ClipCursor
SetRect
PtInRect
GetWindowLongW
SetWindowLongW
GetClassLongPtrW
LoadCursorW
DestroyIcon
LoadImageW
CreateIconIndirect
SystemParametersInfoW
MonitorFromWindow
GetMonitorInfoW
GetRawInputData
RegisterRawInputDevices
GetRawInputDeviceInfoA
GetRawInputDeviceList
ChangeDisplaySettingsExW
EnumDisplaySettingsW
EnumDisplaySettingsExW
EnumDisplayDevicesW
EnumDisplayMonitors
RegisterDeviceNotificationW
UnregisterDeviceNotification
ToUnicode
CharPrevExA
CharUpperW
MessageBoxW
wsprintfA
SendMessageW

advapi32

RegOpenKeyExW
LookupPrivilegeValueW
SetFileSecurityW
AdjustTokenPrivileges
SystemFunction036
RegQueryValueExA
RegOpenKeyExA
AllocateAndInitializeSid
FreeSid
CheckTokenMembership
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptGetHashParam
CryptReleaseContext
RegCloseKey
RegQueryInfoKeyW
RegCreateKeyExW
RegSetValueExW
GetFileSecurityW
RegQueryValueExW
OpenProcessToken

shell32

SHParseDisplayName
DragFinish
DragQueryPoint
DragQueryFileW
SHGetPathFromIDListW
ShellExecuteW
SHGetFolderPathW
ShellExecuteExW
SHCreateShellItem
ord155
DragAcceptFiles
SHBrowseForFolderW
CommandLineToArgvW

ole32

CoCreateInstance
CoUninitialize
CoInitialize
CoTaskMemFree
CoInitializeEx

oleaut32

VariantClear
SysStringLen
SysAllocStringLen
SysFreeString
VariantCopy
SysAllocString

wininet

HttpSendRequestExW
HttpEndRequestW
HttpOpenRequestW
InternetOpenW
HttpQueryInfoW
InternetSetFilePointer
HttpSendRequestW
InternetCloseHandle
InternetConnectW
InternetSetOptionW
InternetReadFile
InternetWriteFile

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

opengl32

wglGetProcAddress

shlwapi

PathFileExistsW
SHDeleteKeyW

imm32

ImmReleaseContext
ImmGetContext
ImmSetCompositionWindow

gdi32

DeleteObject
CreateDIBSection
CreateDCW
DeleteDC
GetDeviceCaps
GetDeviceGammaRamp
SetDeviceGammaRamp
ChoosePixelFormat
DescribePixelFormat
SetPixelFormat
SwapBuffers
CreateRectRgn
CreateBitmap

Sections

.text
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 60KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 189KB - Virtual size: 189KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

4128cb0cd358f3e3d9953a21922a6504

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6eCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

5a:48:9e:1f:0f:59:f1:da:22:e3:c1:1b:90:b7:ab:99Certificate

Extended Key Usages

Key Usages

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9dCertificate

Extended Key Usages

Key Usages

fe:cf:4c:30:33:1b:ae:b7:22:76:77:b0:52:28:8c:12:67:b4:63:f8Signer

Headers

DLL Characteristics

File Characteristics

Imports

winmm

kernel32

user32

advapi32

shell32

ole32

oleaut32

wininet

version

opengl32

shlwapi

imm32

gdi32

Sections

.text Size: 3.5MB - Virtual size: 3.5MB

.rdata Size: 1.6MB - Virtual size: 1.6MB

.data Size: 60KB - Virtual size: 128KB

.pdata Size: 189KB - Virtual size: 189KB

.rsrc Size: 64KB - Virtual size: 63KB

.reloc Size: 14KB - Virtual size: 14KB

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6e
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

5a:48:9e:1f:0f:59:f1:da:22:e3:c1:1b:90:b7:ab:99
Certificate

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

fe:cf:4c:30:33:1b:ae:b7:22:76:77:b0:52:28:8c:12:67:b4:63:f8
Signer

.text
Size: 3.5MB - Virtual size: 3.5MB

.rdata
Size: 1.6MB - Virtual size: 1.6MB

.data
Size: 60KB - Virtual size: 128KB

.pdata
Size: 189KB - Virtual size: 189KB

.rsrc
Size: 64KB - Virtual size: 63KB

.reloc
Size: 14KB - Virtual size: 14KB